EA and Bioware notify gamers their information was stolen, a week after the hack

This site may earn affiliate commissions from the links on this page. Terms of use.

Last week, the NeverWinter Nights forums were hacked, with the attackers making off with usernames, passwords, and birth-dates. Bioware promptly locked down the forum as soon as they discovered the hack, and said they were taking steps to notify the impacted users. Today, a number of gamers reported they finally got those notifications from EA, and were advised to change their passwords: a full week after the original breach.

The story re-appeared in the news at a number of sites, claiming to be the latest in a string of security breaches at gaming companies, but in fact it’s taken EA a week to notify members of the NWN forums that their information had been stolen. Additionally, EA noted that their real names, phone numbers, NeverWinter Nights CD keys, and possibly mailing addresses were lost along with the previously disclosed birth-dates and passwords.

EA and Bioware reiterated that no financial information was stored in the forums, so the attackers wouldn’t have been able to obtain credit card numbers or social security numbers. Still, that’s likely no consolation to users who may be active NeverWinter Nights players – especially if their CD key suddenly turns up in use by someone else.

As of now, no large hacker groups have taken credit for the attack. Some immediately pointed to LulzSec as the culprit, given their history of breaking into the networks of video game companies, but LulzSec for their part hasn’t mentioned the hack at all.

The bigger question however is why did it take EA a week to notify the affected users that their data had been lost? Bioware even confirmed that the attack took place the day afterward, and in their statement they said they had already notified all of the affected users. Now it seems those notifications never went out.